(54) Method and system of securing data and systems



(57) A computer implemented method of providing a computer login session with a user, comprising the steps of: generating a sequence of user recognizable codes; prompting the user to orally reproduce the generated sequence of codes; recording the oral reproduction of the sequence; performing a speech and speaker analysis to identify the user and provide the user with pre-specified access privileges to the computer.

And a computer implemented method of providing secure communication between computers communicating successions of data packets via a computer network, comprising synchronisation of an encryption key generator and a decryption key generator.

Description

[0001] This invention relates to a method of controlling a login session in a system that provides privileges to a user and a method of secure data communication.

[0002] More particularly, the invention relates to security software for the purpose of IT security functionality in multi managed protocol (MMP) public network and intra & extranet environments.

[0003] MMP comprises Virtual Private Networking (VPN). VPN is an IP based product that incorporates many types of services, i.e. data transfer and Voice over IP (VoIP). VPN is based on creating a tunnel on a public network instead of dedicated lines.

[0004] Some common definitions for carrying Private Virtual Networks are:

• VPN for voice using PSTN; and

• VPN for data by using i.e. X.25, frame relay or ATM PDN's.

[0005] When using a VPN it is viewed as an expansion of a Remote Access function (typically PPP) over an IP network like the Internet by creating tunnelling. By use of a tunnel, a remote user uses a local POP. The call is then directed to the Remote Access server in company x through the public network. For the user it appears that he or she is connected directly to the company.

[0006] The transmission has thus far been based on two types of protocol, Layer-Two-Forwarding (L2F) and Point-to-Point-Tunnelling-Protocol. This however is migrating into a common protocol, Layer-Two-Tunnelling-Protocol (L2TP).

[0007] Some of the problems posed with VPN are that the traffic carried within the L2TP today is subject to a security risk. The problem exists on different levels, i.e. authentication and authorisation. There are various basic protocols for authorisation and authentication, i.e. CHAP, TACACS+ and RADIUS. Once privileges to these protocols have been granted to a user, the protection of the VPN traffic relies on the encrypted tunnel.

[0008] The encryption in place is not considered safe enough. In fact VPN traffic with the right equipment can be hacked "on the fly". Currently, the VPN's are getting bigger and bigger. The network device manufacturers are using switches that allow more traffic and more services and it is possible for the communication vendors to sell more and more traffic. Consequently, security problems have escalated.

[0009] The security problem is a compound one. Each user must have an IP Sec on their connecting computer. IP Sec is a network security protocol (within VPN on the user/client side) that ensures authentication, integrity, access control and security when transmitting IP packages over the Internet. However, security may fail in erroneously providing privileges to persons launching and using the IP Sec. Security may also fail in that an IP Sec transmission can be hacked on the LAN or WAN side of the network.

[0010] Furthermore, the prior art involves the problem that, on the one hand, speaker recognition based systems may erroneously grant privileges to an intruder that plays back a recording of the voice of a person entitled to privileges. On the other hand, speech recognition systems may fail in that the user has to remember a code.

Summary of the invention 

[0011] The above mentioned problems are solved when the method mentioned in the opening paragraph comprises the steps of: generating a code; providing the user with the generated code; sampling an oral reproduction of a code, wherein the oral reproduction is provided by the user; performing speaker and speech analysis to identify the user and recognize the oral reproduction of the code; determining whether the generated code and the oral reproduction of the code match, and if they match providing privileges to the user.

[0012] Thereby the user is provided with a code which - immediately after it is provided to the user - can be repeated by the user. More sessions between a system and a user will run smoothly and thus improve operability in that fewer sessions must be handled as exceptions originating from a user being unable to remember a code.

[0013] When the code is generated as a random or pseudo-random code it will be impossible or at least almost impossible to play back a recording of the voice of a person with privileges to erroneously or even thievishly gain privileges.

[0014] Preferably, the code is generated between two consecutive login sessions. The code may be generated immediately after a user request.

[0015] When the method is invoked in response to an oral user request, very compact user interface means can be used, i.e. no display or keyboard is needed for granting privileges. Thereby the method can be implemented at places normally not allowing for an advanced user interface: for instance in car doors for providing access privileges to a car.

[0016] Since speech and speaker analysis is a relatively complex processing task, the method preferably comprises a step of sampling an oral reproduction of the user request; wherein samples of the user request are used as input to a pre-analysis in a process of identifying the user.

[0017] The pre-analysis is preferably a speech-independent analysis to identify a subset of speakers. Thereby the pre-analysis can be carried out despite words/sounds reproduced by the user/speaker not being recognizable.

[0018] The samples of the oral reproduction of the code are used to refine the pre-analysis to identify the speaker as a unique user. Thereby the processing task is temporally distributed such that the user perceives a faster processing time/response time.

EP 1 176 493 A2

[0019] In a preferred embodiment the code is generated from samples of the oral user request. This allows for controlling the pseudo-randomness used in generating the codes.

[0020] The code may comprise words, letters, numbers, or sounds/references to sounds. Correspondingly, a user may provide a pronunciation of a word, letter, number or sound to gain the privileges. The pronunciation must be in specified languages.

[0021] In an expedient embodiment the request is processed to identify a specified function by performing a speech analysis on samples of the oral request to identify and activate the specified function. Such an oral request could be 'open door' resulting in activation of a function of opening a specified door; 'start internet browser' resulting in an internet browser being started on a computer, etc.

[0022] If a system provides different functions that should be restricted to different groups of users, it is convenient to be able to determine whether the identified user has privileges to the specified function; and to deny access if the user does not have privileges to the specified function. An administration function may be provided to associate privileges with different users and functions.

[0023] For instance during booting a system, it may be convenient if the method is invoked automatically in a state of the system by prompting the user to orally reproduce the generated code.

[0024] Alternatively or additionally the method may be invoked at timed intervals. This further increases security.

[0025] When the method further comprises the step of transmitting data from a first computer to a second computer via a network, the privileges to transmit data may be restricted to specified users.

[0026] In order to secure data transmissions effectively the method preferably comprises the steps of: generating a first sequence of encryption keys at a first computer connected to the computer network; generating a second sequence of encryption keys at a second computer connected to the computer network; wherein the first and second sequences are synchronized to produce identical sequences of encryption keys, which sequences are temporally pseudo-random; and encrypting data at a transmitting computer with a key in the first sequence; transmitting the encrypted data to a receiving computer; and decrypting the encrypted data packet with a corresponding key from the second sequence. Thereby encryption keys can be changed frequently. This greatly enhances the security of a transmission.

[0027] It is preferred that the privileges are required for encrypting and transmitting data.

[0028] When the privileges are required for decrypting, the encrypted data security is enhanced at a receiver side.

[0029] Moreover, the invention relates to a computer readable medium encoded with a program for carrying out the method when run on a computer, and a computer program product for carrying out the method when run on a computer.

[0030] The invention also relates to a system having means for carrying out the method.

[0031] Further the invention relates to a method of providing secure communication between computers communicating data via a network, comprising the steps of: generating a first sequence of encryption keys at a first computer connected to the computer network; generating a second sequence of encryption keys at a second computer connected to the computer network; wherein the first and second sequences are synchronized to produce identical sequences of encryption keys, which sequences are temporally pseudo-random; and encrypting data at a transmitting computer with a key in the first sequence; transmitting the encrypted data to a receiving computer; and decrypting the encrypted data packet with a corresponding key from the second sequence.

[0032] It is preferred that the step of encrypting data is initiated upon a request by a user with specified privileges.

[0033] The invention will be explained more fully below in connection with a preferred embodiment and with reference to the drawing, in which:

fig. 1 shows a block diagram of a computer system utilizing speech recognition for controlling a user's access privileges to a computer;

fig. 2 shows a block diagram of a computer/network system for receiving and/or transmitting data according to the invention;

fig. 3 shows a flowchart for a method of verifying a user identity in a login session by means of speaker and speech recognition;

fig. 4 shows a first flowchart for a method of a login session in a computer;

fig. 5 shows a flowchart for a method of transmitting data via a network;

fig. 6 shows a flowchart for a method of receiving data via a network;

fig. 7 shows a second flowchart for a method of a login session;

fig. 8 shows a second flowchart for a method of a login session; and

fig. 9 shows a block diagram of a so-called SLANG speaker/speech recognition algorithm.

[0034] Fig. 1 shows a block diagram of a computer system utilizing speech recognition for controlling a user's access privileges to a computer. Basically, a computer 102 has speaker and speech recognition means for determining whether a user 101 has access privileges to the computer system. In a login session to the computer, the user is prompted to speak a code e.g. "A B C 1 2 3". The code may comprise elements in the form of words, letters, numbers, or a reference to a sound. The computer will then determine whether the voice of the speaker is known by the computer, and whether the prompted code matches the spoken code. This requires that the elements of the code are recognizable by the computer. The codes may be determined to match if a user's utterance of the spoken code is recognised as the prompted code, i.e. the code was repeated correctly. A code can be prompted by audio and/or display means. The prompt can be activated by means of a keyboard, voice recognition means, proximity means detecting whether a user is present, etc.

[0035] If the codes are ascertained to match, the user is subsequently enabled with pre-specified access privileges.

[0036] The privileges can be granted by a computer that provides privileges to resources/functions/applications of the computer. Typically, this includes privileges to a computer network. In alternative embodiments the computer is used to provide privileges to other means such as cars, houses and office buildings, or remote controlled devices.

[0037] Fig. 2 shows a block diagram of a computer/network system for receiving and/or transmitting data. Generally, it is assumed that Wide Area Networks 201 are involved with the risk that different types of intruders 205 are trying to capture data transmissions between other users 202 and 206 of the network. Such a network 201 may be the Internet or a Virtual Private Network. However, this risk can be diminished.

[0038] According to the invention users can communicate, comprising transfer/receive/exchange of data, with each other by means of encoding and decoding devices changing an encryption/decryption key dynamically according to a sequence generated by a synchronised transmitting computer and an authorized receiver or multiple authorised receivers.

[0039] Prior to communication a transmitting client 208 and a receiving client 203 exchange a secret sequence S. This sequence may be generated by a network unit and supplied to the transmitting and receiving clients. This sequence S is subsequently used to initialise the two key generators 207 and 204. According to the invention these key generators are arranged to generate identical sequences of keys that are temporarily random provided they are initialised with identical sequences. These temporarily random keys are used to encrypt and decrypt the data to be transmitted. Thereby only the transmitting client and the receiving client know the encryption/decryption keys.

[0040] It is possible for the communicating clients to receive the initialising sequence from a network unit 208 or to agree on an initialising sequence manually isolated from the computer network.

[0041] Fig. 3 shows a block diagram of a computer system 315 for receiving and/or transmitting data according to the invention. When the computer system 315 is booted by a user the sequence generator 301 generates an arbitrary sequence of words, phrases, letters and/or numbers to be communicated to the user by means of an audio output-device 302 (alternatively, the sequence can be displayed on a computer display). In response thereto the user repeats the sequence to be recorded by an audio input device 303 comprising a microphone (not shown). The recorded sound is provided as input to a so-called SLANG algorithm 304 (see www.cpk.auc.dk for further details). The SLANG algorithm is capable of recognising the user by identifying information in the sound signal being unique to a single human being based on pre-recorded voice signals from that user (i.e. so-called speaker recognition). Further, the SLANG algorithm is capable of carrying out speech-recognition. The output from the SLANG algorithm is thereby capable of reproducing the sequence spoken by the user.

[0042] A sequence comparator 305 is invoked to compare the sequence reproduced by the SLANG algorithm 304 and the sequence generated by the sequence generator 301. In response to the comparison it is determined whether the user has responded with the sequence he was prompted to respond with.

[0043] An access controller 310 is connected to the SLANG algorithm and the sequence generator to determine which user is trying to access the computer system. If the speaker is recognized, the controller looks up a table with access privileges to enable the user with corresponding access privileges. Information about the access privileges is provided to the operating system 306 utilizing this information for administering the privileges to computer system resources. The operating system is stored in volatile/non-volatile memory 313 and run by the CPU 308.

[0044] A BIOS (Basic Input Output System) 309 is actually the first device started when a user tries to gain access to the computer 315; this in turn invokes the sequence generator 301 and the access controller 310.

[0045] In case a user wants to connect to a computerized network service via a network connector 312 connected to a network 314, a pseudo-random generator 311 is controllable from an authorized network device.

[0046] A network device can be connected to the network or be a part of the network, e.g. a router, a switch, a firewall, a multiplexer, a hub, or another computer including a client or server computer.

[0047] Fig. 4 shows a flowchart for a method of a login session in a computer. In step 401 a state of booting the computer triggers the generation of a code S1. Subsequently, a user is prompted to pronounce the code S1 in step 402. The speech is sampled and stored for analysis. In step 403 a process of performing speaker and speech analysis is carried out on the sampled speech. If the speaker/user is recognised the speaker is associated with a user ID. If moreover the speech of the speaker is recognised a representation of the speech or the spoken code is stored as a code S2.

[0048] In step 405 and 406 it is ascertained whether S1 and S2 match, e.g. by examining whether S1 is equal to S2. If S1 and S2 do not match the user is discarded in step 407. This may involve allowing the user to access a predefined number of times, e.g. 3 times.

[0049] If S1 and S2 do match, the user-rights or privileges granted to the user are looked up in step 408, e.g. in a database. Finally, the user is provided with privileges or rights to system resources.

[0050] It should be noted that the term code also is 
referred to as a password. 
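
The Fig. 4 flow as an added sketch in Python (not code from the patent). It assumes the speaker and speech analysis delivers a speaker ID and a transcript; `LoginSession`, `ALPHABET`, the 30-second code lifetime and the rule that each code allows one try are assumptions of this example.

```python
import hmac
import secrets
import time

# Hypothetical alphabet for the spoken code: letters and digits, as in the
# text's "A B C 1 2 3" example.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
MAX_ATTEMPTS = 3  # "a predefined number of times, e.g. 3 times"


def normalise(code):
    """Make the comparison independent of case and spacing in the transcript."""
    return "".join(code.split()).upper()


class LoginSession:
    """Access controller for one login session (steps 401 to 408)."""

    def __init__(self, privilege_table, code_len=6, ttl_seconds=30.0,
                 clock=time.monotonic):
        self._table = privilege_table  # user ID -> set of function names
        self._code_len = code_len
        self._ttl = ttl_seconds        # assumption: codes expire after 30 s
        self._clock = clock
        self._code = None              # outstanding S1, usable once
        self._issued_at = 0.0
        self.failures = 0

    def new_challenge(self):
        """Steps 401/402: generate S1 and return it for prompting."""
        if self.failures >= MAX_ATTEMPTS:
            raise PermissionError("too many failed attempts")
        self._code = "".join(
            secrets.choice(ALPHABET) for _ in range(self._code_len))
        self._issued_at = self._clock()
        return " ".join(self._code)

    def verify(self, speaker_id, spoken_code):
        """Steps 403 to 408.

        speaker_id (None for an unknown voice) and spoken_code (S2) are the
        outputs of the speaker and speech analysis. Returns the user's
        privileges, or None when access is denied.
        """
        # Consume S1 first: a recording of this answer is useless afterwards.
        code, self._code = self._code, None
        fresh = (code is not None
                 and self._clock() - self._issued_at <= self._ttl)
        matches = fresh and hmac.compare_digest(
            normalise(spoken_code).encode(), code.encode())
        if not (matches and speaker_id in self._table):
            self.failures += 1
            return None
        self.failures = 0
        return frozenset(self._table[speaker_id])


def authorise(privileges, function):
    """Per-function check of [0022]: deny unless the function is granted."""
    return privileges is not None and function in privileges
```

Because `verify` discards the code before comparing, a second answer to the same prompt is denied even when it is correct, which is the property [0013] relies on against played-back recordings.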

[0051] Fig. 5 shows a flowchart for a method of transmitting data via a network. In step 501 a request for a data transmission is sent from a client to a network unit. In step 502 the client is waiting for a sequence S from the network unit, and in step 503 the sequence S is received. Based on the sequence S a pseudo-random encryption key KEY is generated. In step 505 the data DATA to be transmitted from the client is encrypted by means of the key KEY. The resulting encrypted data are transmitted to a specified receiver in step 506. If, during transmission of data, a new sequence S is received from the network unit the method resumes at step 503 via step 507.

[0052] Fig. 6 shows a flowchart for a method of receiving data via a network. In step 601 a client waits for a request from a network unit to receive data. In step 602 the client transmits an acknowledge signal to the network unit when the client is prepared to receive the data. Subsequently, in step 603 the client is waiting for a sequence S from the network unit, and in step 604 the sequence S is received.

[0053] Based on the sequence S a pseudo-random decryption key KEY is generated in step 605. In step 606 encrypted data DATA to be received from another transmitting client is decrypted by means of the key KEY. In step 607 the client continues to receive encrypted data as long as encrypted data arrives according to a specified protocol.

[0054] The resulting encrypted data are transmitted to a specified receiver in step 506. If, during receipt of data, a new sequence S is received from the network unit the method resumes at step 503 via step 507.

[0055] In an alternative embodiment a client may host the role of the network unit, i.e. to issue sequences for generating encryption/decryption keys.

[0056] Communication between a client and a network unit is established by means of known computer communication techniques.

[0057] Generally it should be noted that synchronisation between communicating parties can be maintained by counting the number of data packets received and transmitted, giving each packet an identification number, a time stamp, etc.

[0058] Moreover, it should be noted that the pseudo-random generator should be selected to be characterized in that:

• it can be started with an initialisation parameter; and

• it can produce (large) random temporal sequences of numbers (encryption keys); and

• it can produce reproducible sequences.

[0059] A simple example of generating synchronized key sequences - not fulfilling the above criteria and only illustrating the synchronised sequence generation principle:

[0060] In a very simple example the starting sequence exchanged between two communicating clients/users may be the sequence {2,3} instructing the synchronized algorithms to take the number '2' and generate encryption/decryption keys by adding the number '3' to '2' repeatedly. The result of the add-operation is used as encryption/decryption keys as the sequence {2,5,8,11,14,...}. Assuming that an intruder isn't able to mirror this add-algorithm, which in a practical embodiment is far more complex, and/or that he doesn't know the sequence {2,3}, a secure communication scheme is developed. However, it should be stressed that this example is very very simple.
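
An added Python example, not part of the patent: the {2,3} generator from the text next to a generator that meets the three criteria of [0058], with the packet identification number of [0057] keeping both sides in step. The HMAC-SHA256 key derivation, the SHAKE-256 XOR stand-in cipher and all class and function names are assumptions of this example.

```python
import hashlib
import hmac


def additive_keys(start, step, count):
    """Toy generator from the text: {2,3} -> [2, 5, 8, 11, 14]."""
    return [start + i * step for i in range(count)]


def predict_next_additive(observed):
    """Why the toy fails: two consecutive keys disclose the step."""
    return observed[-1] + (observed[-1] - observed[-2])


class KeySequence:
    """Key generator initialised with the shared sequence S (bytes).

    key_for(n, purpose) is reproducible on both sides, differs for every
    packet number n, and one key does not disclose another without S.
    """

    def __init__(self, s):
        self._s = s

    def key_for(self, packet_no, purpose):
        msg = purpose + packet_no.to_bytes(8, "big")
        return hmac.new(self._s, msg, hashlib.sha256).digest()


def _xor_stream(key, data):
    # Stand-in cipher: XOR with a SHAKE-256 keystream; every key is used for
    # one packet only. A deployment would use an AEAD such as AES-GCM.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class Sender:
    def __init__(self, s):
        self._keys = KeySequence(s)
        self._next_no = 0

    def protect(self, data):
        """Return packet number || ciphertext || 32-byte tag."""
        n = self._next_no
        self._next_no += 1
        header = n.to_bytes(8, "big")
        body = _xor_stream(self._keys.key_for(n, b"enc"), data)
        tag = hmac.new(self._keys.key_for(n, b"mac"), header + body,
                       hashlib.sha256).digest()
        return header + body + tag


class Receiver:
    def __init__(self, s):
        self._keys = KeySequence(s)
        self._seen = set()  # packet numbers whose key was already used

    def open(self, packet):
        if len(packet) < 40:
            raise ValueError("short packet")
        header, body, tag = packet[:8], packet[8:-32], packet[-32:]
        n = int.from_bytes(header, "big")
        expected = hmac.new(self._keys.key_for(n, b"mac"), header + body,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed")
        if n in self._seen:
            raise ValueError("packet number reused")
        self._seen.add(n)
        return _xor_stream(self._keys.key_for(n, b"enc"), body)


def demo():
    s = b"constructed shared sequence S"  # constructed sample value
    tx, rx = Sender(s), Receiver(s)
    packets = [tx.protect(m) for m in (b"first", b"second", b"third")]
    # Packet 1 is lost in transit; the packet number carried in each header
    # lets the receiver pick the right key without any resynchronisation.
    return [rx.open(packets[0]), rx.open(packets[2])]


if __name__ == "__main__":
    print(additive_keys(2, 3, 5), predict_next_additive([2, 5]))
    print(demo())
```

The receiver refuses a packet number it has already accepted, so a captured packet cannot be delivered a second time under the same key.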

[0061] Fig. 7 shows a second flowchart for a method of a login session. In step 701 a code is generated randomly or pseudo-randomly and provided to a user in step 702. The code may be provided by means of audio means, display means or by other suitable means. In step 703 samples of what is assumed to be a user's oral reproduction of the code are acquired. In step 704 the samples are processed to identify the speaker, i.e. the user, and recognise the spoken code. If the code provided to the user and the recognised code reproduced by the speaker match each other (Y), privileges for using a system's resources are granted in step 707. Alternatively, if the codes did not match, access privileges are denied in step 706.

[0062] Grant of privileges to a system's resources can comprise access to transmit or receive data securely via a computer network. The method terminates in step 709.

[0063] The method can be invoked and resume at step 701 upon a user request or a system request.

[0064] Fig. 8 shows a second flowchart for a method of a login session. In step 801 the method waits for an oral user/speaker request. When a request is detected samples of the oral request are acquired in step 802. Based on these samples a process of trying to identify the user/speaker is carried out/initiated in step 803. Subsequently or concurrently, a code is provided to the user/speaker in step 804.

[0065] In step 805 samples of what is assumed to be a user's oral reproduction of the code are acquired. In step 806 the samples are processed to recognise the spoken code. If the code provided to the user and the recognised code reproduced by the speaker identified in step 803 match each other (Y), privileges for using a system's resources are granted in step 809. Alternatively, if the codes did not match, access privileges are denied in step 808. The method terminates in step 709.

[0066] If a unique speaker cannot be identified in step 803, samples of the oral reproduction of the code may be used to identify the speaker uniquely. Additionally or alternatively, the process in step 803 may be provided with more processing power and/or time.

[0067] The method can be invoked and resume at step 701 upon a user request or a system request.

[0068] Turning into details about the SLANG algorithm:

[0069] Speech recognition is one of the key research areas within the Speech Communication group at CPK and it is therefore important to have available a flexible and extendible state-of-the-art recognition system. The SLANG research system is developed to make available an environment aimed for conducting structured spoken language research with focus on (near) real-time medium-to-large vocabulary real-world continuous speech recognition applications.

[0070] CPK is currently establishing the infrastructure spoken language resources required to build next generation flexible vocabulary speech recognisers (see www.cpk.auc.dk/speech/acquisition_of_spoken_language.html). The purpose of the SLANG research system is therefore also to provide the necessary environment to exploit the spoken language resources.

[0071] The SLANG research system provides both an experimental continuous speech recognition platform and a recogniser available as a component in a real-world spoken language dialogue system. This implies the need to pay special attention, in the implementation, to handling of barge-in, noise-robustness in real environments, on-line speaker adaptation etc. An overall diagram of the SLANG system is shown in Figure A.

[0072] So far spoken language dialogue systems and development tools have been based on the assumption that a dialogue can be viewed as a concatenated sequence of well defined sub-grammars, each constraining the recogniser at a particular state within the dialogue. The present implementation is also an attempt to take into account future more advanced constraining mechanisms as a basis for improving the recogniser performance during execution within a dialogue system.

[0073] HTK is a powerful and wide-spread tool for the development and testing of Hidden Markov Model based speech recognizers. Given the fact that HTK has been used at CPK for several years and that it represents a state of the art implementation, the SLANG system will support HTK 2.0 speech file formats as well as HTK 2.0 file formats for acoustic models.

[0074] Although the SLANG algorithm is preferred, other speaker and speech recognition algorithms can be used according to the invention. US patent no. 6,076,054 discloses methods and apparatus for generating speaker dependent speaker recognition.

[0075] Generally, the invention may be embodied as a computer program or a part of a computer program, which may be loaded into the memory of a computer and executed therefrom. The computer program may be distributed by means of any data storage or data transmission medium. The storage media can be magnetic tape, optical disc, compact disc (CD or CD-ROM), minidisc, hard disk, floppy disk, ferro-electric memory, electrically erasable programmable read only memory (EEPROM), flash memory, EPROM, read only memory (ROM), static random access memory (SRAM), dynamic random access memory (DRAM), ferromagnetic memory, optical storage, charge coupled devices, smart cards, etc. The transmission medium can be a network, e.g. a local area network (LAN), a wide area network (WAN), or any combination thereof, e.g. the Internet. The network may comprise wire and wire-less communication links. Via the network a software embodiment (i.e. a program) of the invention, or a part thereof, may be distributed by transferring a program via the network.

[0076] Further it should be stressed that the invention by no means is limited to the described preferred embodiment.

[0077] The methods according to the invention can interface via compliant API's to known systems such as WINDOWS NT, UNIX and LINUX.

[0078] Although the above description has mentioned VPN the invention is by no means limited to VPN.

[0079] The foundation of the technical solution is based on resolving the following:

• Generating private key by the user (K1) n+1

• Black Box (U) (key generator)

• Generic Network device (GN)

• (speech and speaker recognition i.e. by word spotting or prompting)

• Priority control (MP)

• Synchronizing keys (KS) of (K1) n+1 & (K2) n+1

• Verification (V)

• Generating private key by the host (K2) n+1

• Authentication (A)

• Verification (V1) of (K1) n+1 & (K2) n+1

• Authentication (A1) of (K1) n+1 & (K2) n+1

• Time sequence code kill (T)

• Authorization (AU)

• IP transmission (I) (Internet, intra or extranet i.e. VPN)
[0080] The above mentioned offers total security based on the fact that the key generated codes only exist once, cannot be simulated and become useless if stolen. Further the key generated codes cannot be manipulated, reused or used for pattern recognition for purpose of imposing as an authorised user on the net.

[0081] Very simplified, a connection according to the invention can be described as follows:

[0082] User 1 and User 2 communicate in an encrypted environment. When they log on, the computer asks the user to speak a word or number sequence. This will always be randomised. To start a transmission, keys (codes) are generated. These are synchronized and verified by the company or ISP server which allows the transmission to take place. If the code that authorises the transmission is intercepted the code dies.

[0083] The solution is self explanatory when using Voice over IP since words are generated by the mere course of a phone conversation. When transferring data, the computer will simply prompt the user to say different words or number sequences. This means that if a transmission is intercepted after the log-on procedure has taken place the continuous flow of keys will lock out the interceptor and make the intercepted data useless. The key generation at the user site has been designed so that keys are generated outside the operating system environment (i.e. Windows) and thereby eliminating a majority of hacker tools (More than about 90% of hacker tools are designed to interfere in the operating system (so this in itself is important)).

[0084] A method according to the invention will work in an IP environment, therefore it can be used for other types of actions than described in the above model, i.e. it will be able to work in controlling html documents.



Claims 

1. A method of controlling a login session in a system that provides privileges to a user, comprising the steps of:

generating a code;

providing the user with the generated code;

sampling an oral reproduction of a code, wherein the oral reproduction is provided by the user;

performing speaker and speech analysis to identify the user and recognize the oral reproduction of the code;

determining whether the generated code and the oral reproduction of the code match, and if they match providing privileges to the user.

2. A method according to claim 1 wherein the code is 
generated as a random or pseudo-random code. 

3. A method according to claims 1 or 2 wherein the
code is generated between two consecutive login
sessions.

4. A method according to claim 1 wherein the method
is invoked in response to an oral user request.

5. A method according to claim 4 further comprising
the step of sampling an oral reproduction of the user
request; wherein samples of the user request are
used as input to a pre-analysis in a process of
identifying the user.

6. A method according to claim 5 wherein the samples
of the oral reproduction of the code are used to refine
the pre-analysis to identify the user.

7. A method according to claim 4 wherein the code is 
generated from samples of the oral user request. 

8. A method according to claim 4 wherein the code
comprises words, letters, numbers, or a reference
to a sound.

9. A method according to claim 4 wherein the request
is processed to identify a specified function by
performing a speech analysis on samples of the oral
request to identify and activate the specified
function.

10. A method according to claim 9 further comprising
the step of determining whether the identified user
has privileges to the specified function; and denying
access if the user does not have privileges to the
specified function.

11. A method according to claim 1 wherein the method
is invoked automatically in a state of the system by
prompting the user to orally reproduce the generated
code.

12. A method according to claim 1 wherein the method 
is invoked at timed intervals. 






13. A method according to claim 1 further comprising 
the step of transmitting data from a first computer 
to a second computer via a network. 

14. A method according to claim 1 further comprising
the steps of:

generating a first sequence of encryption keys
at a first computer connected to the computer
network;

generating a second sequence of encryption
keys at a second computer connected to the
computer network;

wherein the first and second sequence are
synchronized to produce identical sequences of
encryption keys, which sequences are temporally
pseudo-random; and

encrypting data at a transmitting computer with
a key in the first sequence;

transmitting the encrypted data to a receiving
computer; and

decrypting the encrypted data packet with a
corresponding key from the second sequence.

15. A method according to claim 14 wherein the
privileges are required for encrypting and
transmitting data.

16. A method according to claim 14 wherein the
privileges are required for decrypting the
encrypted data.

17. A computer readable medium encoded with a
program for carrying out the method as set forth in any
of claims 1 through 16 when run on a computer.

18. A computer program product for carrying out the
method as set forth in any of claims 1 through 16
when run on a computer.

19. A system having means for carrying out the method
as set forth in any of claims 1 through 16.

20. A method of providing secure communication
between computers communicating data via a network,
comprising the steps of:

generating a first sequence of encryption keys
at a first computer connected to the computer
network;

generating a second sequence of encryption
keys at a second computer connected to the
computer network;

wherein the first and second sequence are
synchronized to produce identical sequences of
encryption keys, which sequences are temporally
pseudo-random; and

encrypting data at a transmitting computer with
a key in the first sequence;

transmitting the encrypted data to a receiving
computer; and

decrypting the encrypted data packet with a
corresponding key from the second sequence.

21. A method according to claim 20 wherein the step of
encrypting data is initiated upon a request by a user
with specified privileges.

22. A method according to claim 20 wherein data are
transmitted in packets.

23. A computer readable medium encoded with a
program for carrying out the method as set forth in any
of claims 20 through 22 when run on a computer.

24. A computer program product for carrying out the
method as set forth in any of claims 20 through 22
when run on a computer.

25. A system having means for carrying out the method
as set forth in any of claims 20 through 22.
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